Text size:

  • Small
  • Normal
  • Large
Leon Panetta, the US defence secretary, has warned of a highly targeted and orchestrated attack by America's adversaries. Carolyn Kaster / AP Photo
Carolyn Kaster STF
Leon Panetta, the US defence secretary, has warned of a highly targeted and orchestrated attack by America's adversaries. Carolyn Kaster / AP Photo

Is cyber security cure worse than disease?

Leon Panetta's plan to safeguard the computers running critical US infrastructure would, analysts say, remove that which keeps the system safe: its fragmentation.

There is a growing view that the US defence secretary's new strategy on cyber security could vastly increase the risk of the very "cyber Pearl Harbor" it is meant to prevent.

The secretary, Leon Panetta, has warned that America is facing the prospect of a highly targeted and orchestrated attack by adversaries of the United States, which officials identified as China, Russia, Iran and militant groups.

Mr Panetta outlined a nightmare scenario in which the US suffers a string of disasters such as derailed passenger trains loaded with lethal chemicals, simultaneous contamination of the water supply in major cities and a shutdown of the power grid across large parts of the country.

The Pentagon's strategy to counter this risk would effectively involve giving the government access to private IT systems across America, including those of large corporations and those involved in critical services in order to detect malicious software known as "malware". Financial institutions are understood to be particularly at risk since a cyber meltdown of the banks could devastate the fragile US economy.

But according to technology and security analysts, the US strategy risks opening a back door to a foreign power or terrorist group intent on bringing down critical infrastructure.

Indeed, the analysts say the reason that the US has so far not suffered a massive cyber attack is the current fragmentation of its private IT systems. Existing systems do not have a common security structure and do not share information easily with one another.

According to Graham Cluley, an analyst at the computer security firm Sophos, "Firms running critical infrastructure tend to put measures in place to reduce the opportunities for an internet-based attack to be successful - for instance, by not connecting sensitive systems to the net."

But any attempt by the government to link private systems could allow hackers who have gained entry to one organisation to infiltrate others, effectively giving them temporary control of the american infrastructure and financial systems, with potentially devastating consequences.

"One of the big concerns right now is that a number of systems may have been rooted and are just waiting for a command to do some really ugly stuff," says Rob Enderle, the principal analyst at the US-based Enderle Group.

He adds: "I don't even think the department of defence [DOD] is thinking this through because right now the systems aren't talking to each other, making it difficult to spread a virus around but the DOD wants to connect these systems for reporting and tracking attacks. But this connection could make us vastly more vulnerable to successful national attack."

Certain hardware designed to prevent this kind of attack exists, but isn't being implemented widely enough.

According to Mr Enderle: "The exposed systems range from cellphones to large servers."

But even if all the newly connected IT systems in the US carried sufficient software security, the very existence of a networked system would open up the US to the prospect of human sabotage.

According to Mr Cluley: "The biggest risk to critical infrastructure is likely to involve the 'insider threat', a member of staff who has access to critical systems but may have allegiances to enemy actors."

Heidi Shey, an analyst at the research company Forrester, says: "Insiders and business partners also have access to data and information that they compromise. Whether their actions are intentional or unintentional, insiders cause their fair share of breaches."

She adds: "Other common sources of breach include loss or theft of corporate assets, such as laptops or USB drives, and external attacks that target corporate servers or users."

Forrester surveyed 583 North American and European companies that had an IT security breach in the past 12 months and found that hacking was far from being the main cause.

The loss or theft of a corporate asset such as a laptop or smartphone accounted for 31 per cent of breaches, with inadvertent misuse by an insider representing 27 per cent and abuse by a malicious insider 12 per cent.

The growing popularity of portable IT devices such as smartphones and computer tablets represents a new threat to cyber security. In addition to being0 easily lost or stolen when taken outside the workplace, there is a growing tendency for staff to use their personal IT to try to access corporate systems.

Forrester's research discovered that most organisations have policies in place for smartphone, tablet and consumer-oriented tool use, but more than half say that they either don't have the tools to enforce policy or that their current tools are insufficient for enforcing it.

The West's reliance on increasingly complex and potentially vulnerable IT systems to run and manage critical infrastructure makes it vulnerable to attack, engendering a growing fear that the next major global war will be fought in cyber space.

business@thenational.ae

Back to the top

More articles


Editor's Picks

 Marina Square apartments Reem Island: Q1 2% rise. Studio - Dh65-68,000. 1BR - Dh75-95,000. 2BR - Dh110-145,000. 3BR - Dh170-190,000. Q1 2013-Q1 2014 no change. Sammy Dallal / The National

In pictures: Where Abu Dhabi rents have risen and fallen, Q1 2014

Find out how rental prices in the prime locations in Abu Dhabi have altered during the first three months of the year and the current rates you will pay according to data provided by Asteco.

 A Brabus Mercedes 6x6 Sports Utility Vehicle is readied for display during Auto China 2014 in Beijing, on April 20. Adrian Bradshaw / EPA

In pictures: Auto China 2014 exhibition

Leading automakers have gathered in Beijing for the kickoff of China’s biggest car show, but lacklustre growth and environmental restrictions in the world’s largest car market have thrown uncertainty into the mix. More than 1,100 vehicles are being showcased.

 The New York Stock Exchange. Rising interest rates will shift momentum away from bonds and back towards risk assets such as stocks. Richard Drew / AP Photo

Plan ahead for rising interest rates

It is now over five years since the majory central banks slashed interest rates to record low but that is all about to change. So, how will rising interest rates affect you?

 The Wind, Energy, Technology and Environment Exhibition takes place from April 14 to April 16. Above, the Dewa showroom during last year’s Wetex. Jaime Puebla / The National

April corporate and economic calendar for the UAE and overseas

From Cityscape to Wetex to stock-market holidays to nations reporting first-quarter GDP figures, here is our helpful calendar of April's business events in the UAE and internationally.

 The Greens, villas: Q1 no change. 3BR - Dh210-250,000. 4BR - Dh210-260,000. 5BR - Dh220-300,000. Q1 2013-Q1 2014 5% rise. Pawan Singh / The National

In pictures: Where Dubai rents have risen and fallen, Q1 2014

Find out how rental prices in the prime locations in Dubai have altered during the first three months of the year and the current rates you will pay according to data provided by Asteco.

 Get the latest information on credit cards, bank accounts and loan products in the UAE. Mark Lennihan / AP Photo

Rates report: Latest on UAE loans, accounts and credit cards

Souqamal.com brings you the latest interest rates on banking products in the UAE.

Events

To add your event to The National listings, click here

Get the most from The National